ND User

Reputation: 149

Redshift Column Level Encryption and Decryption

I want to load data (with a few encrypted fields) into Redshift, and a few users should have access to decrypt those encrypted fields. Please suggest the best approach to achieve this result.

I tried the Python UDF below, but it did not work: Redshift Python encrypt/decrypt UDF Error - String contains invalid or unsupported UTF8 codepoints

How should we enable encryption/decryption at column/field level in Redshift?

Upvotes: 2

Views: 5991

Answers (1)

John Rotenstein

Reputation: 269320

If you wish to secure the data by encrypting the data, you would need a way to pass the encryption key with the query, otherwise anybody with permissions to use the UDF could decrypt the data by simply calling the Decrypt UDF. Such encryption is only useful if you wish to enforce encryption at rest, which is easier done by configuring Redshift to encrypt all data at rest. (Note that this can have a performance impact.)

The recommended method of controlling access to columns is to restrict access to the underlying table, but grant access to a VIEW that contains only the permitted columns:

CREATE VIEW my_view AS SELECT col1, col3 FROM my_table;
GRANT SELECT ON my_view TO GROUP restricted_group;
REVOKE ALL ON my_table FROM GROUP restricted_group;

Upvotes: 3
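
An added example, not part of the answer above: the view-based restriction it recommends, followed by checks that the grants took effect. `my_table`, `my_view` and `restricted_group` are the answer's names; the column types, `col2` as the sensitive field, and the user `analyst_demo` are assumptions.

```sql
-- Added example. Column types, col2 as the sensitive column and the
-- analyst_demo user are assumptions made for illustration.

-- Setup: run as the table owner or a superuser.
CREATE TABLE my_table (
    col1 INTEGER,
    col2 VARCHAR(64),   -- assumed sensitive column, deliberately left out of the view
    col3 VARCHAR(64)
);
CREATE GROUP restricted_group;
CREATE USER analyst_demo PASSWORD DISABLE IN GROUP restricted_group;

-- The restriction from the answer.
CREATE VIEW my_view AS SELECT col1, col3 FROM my_table;
GRANT SELECT ON my_view TO GROUP restricted_group;
REVOKE ALL ON my_table FROM GROUP restricted_group;

-- Privileges granted to PUBLIC reach every user regardless of group,
-- so clear those on the base table as well.
REVOKE ALL ON my_table FROM PUBLIC;

-- Check 1: ask the catalog what the restricted user can do.
-- The setup is correct when the view is readable and the base table is not.
SELECT has_table_privilege('analyst_demo', 'my_view',  'select') AS can_read_view,
       has_table_privilege('analyst_demo', 'my_table', 'select') AS can_read_table;

-- Check 2: run the queries as the restricted user (needs a superuser session).
SET SESSION AUTHORIZATION 'analyst_demo';
SELECT col1, col3 FROM my_view;   -- permitted columns, read through the view
SELECT col2 FROM my_table;        -- direct read of the base table, which the REVOKE is meant to block
RESET SESSION AUTHORIZATION;
```

Re-run the checks after any later GRANT on `my_table` or change to group membership, since either can reopen access to `col2`.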
